Return-Path: Delivered-To: apmail-portals-jetspeed-dev-archive@www.apache.org Received: (qmail 13714 invoked from network); 9 Sep 2010 18:05:48 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 9 Sep 2010 18:05:48 -0000 Received: (qmail 8498 invoked by uid 500); 9 Sep 2010 18:05:48 -0000 Delivered-To: apmail-portals-jetspeed-dev-archive@portals.apache.org Received: (qmail 8448 invoked by uid 500); 9 Sep 2010 18:05:48 -0000 Mailing-List: contact jetspeed-dev-help@portals.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Jetspeed Developers List" Delivered-To: mailing list jetspeed-dev@portals.apache.org Received: (qmail 8437 invoked by uid 99); 9 Sep 2010 18:05:48 -0000 Received: from Unknown (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 09 Sep 2010 18:05:48 +0000 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests=FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: local policy) Received: from [206.190.38.144] (HELO web51102.mail.re2.yahoo.com) (206.190.38.144) by apache.org (qpsmtpd/0.29) with SMTP; Thu, 09 Sep 2010 18:05:24 +0000 Received: (qmail 13268 invoked by uid 60001); 9 Sep 2010 18:04:58 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1284055498; bh=Mvp9iQRAUx75JmppASYrtJzkQ/P0GkFxdb03aINSZIw=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=lzoFfMtRwPiTKImVP6KYUmJgoFol1ME6Z14Kgk+oVIEyIJifWdGaV5mtQTd5Is+RiqfSKp90KxEmYBykRm6vBnYMtnXcEtYMpGURKJEjfNxH1o5Vld2LVguHVYSyApAfC4E0cmtLPpIqWYzVn7BjGJqdp0W9AU5eYkKcDWb4i8E= DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=3GLg2IptNxCwvTjlDprL20z7arOjaYOLNrLRq/W3sUfe6bfZOhOsv2ZKp+rgxe/SzH5y9Dt2xg5fWpLHEzFG5ckhXwNVn5N+vQgjavoqng2vBP0yhjsdHpSqj4+gmSFY21GYEBrBnFvgkZ4LS1NHczz0G4OuUchdAvwlOpETGLs=; Message-ID: <141020.10265.qm@web51102.mail.re2.yahoo.com> X-YMail-OSG: K0EFWsAVM1nDJwKTMhJHkZfJ_SlF8kH.L5tH.JUrT30uUBY tBK9fhKrHmTn.H8fMqrlHKj5w8zVrpZLS7ulVCG3A8VVjFGa5PcJMI6W18KJ I0mwkRN40MpUqKZJDHy38hfgkpoAKcL6kyQCcBxIe7R0RFIW6C0D6G6koOtq 7ZUr_lHhPua0oKjFgZY06VXORpWft0IJ883kcI4id9XNYvoQYdFOhGojQrCT RaYSrysW0T33TccvhigNubfxj9bXa.ydj84So.aqpiS1KGL8QyQsmvnAO0MD xPdeHaA8cocVxJOBuf.LULldKOmGryU3OyFOd8XMiJu7tOZsfeHdTKuoDKLc ECw3VVFLxAWEaMYFxGjU8JLRNP5o- Received: from [99.30.81.146] by web51102.mail.re2.yahoo.com via HTTP; Thu, 09 Sep 2010 11:04:58 PDT X-Mailer: YahooMailClassic/11.4.7 YahooMailWebService/0.8.105.279950 Date: Thu, 9 Sep 2010 11:04:58 -0700 (PDT) From: Woonsan Ko Subject: Re: Secure a Portlet To: Jetspeed Developers List In-Reply-To: <23537.73795.qm@web51101.mail.re2.yahoo.com> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable X-Virus-Checked: Checked by ClamAV on apache.org Hi Murali,=0A=0AHere are two more things you could keep in mind:=0A(1) The = login form in the JSP page could have an additional parameter named 'org.ap= ache.jetspeed.login.destination'. So, you could provide this parameter to r= edirect back to http://.. url.=0A(2) In /jetspeed/WEB-INF/assembly/administ= ration.xml, there's a bean, id=3D'org.apache.jetspeed.administration.Portal= AuthenticationConfiguration', the first constructor-arg of which forces ses= sion invalidation when authenticated. So, if you meet any problem with sess= ion invalidation, you could change this in your testing.=0A=0ABy the way, I= 've created an issue to improve this:=0Ahttps://issues.apache.org/jira/brow= se/JS2-1212=0A=0ARegards,=0A=0AWoonsan=0A=0A=0A--- On Thu, 9/9/10, Woonsan = Ko wrote:=0A=0A> From: Woonsan Ko = =0A> Subject: Re: Secure a Portlet=0A> To: "Jetspeed Developers List" =0A> Date: Thursday, September 9, 2010, 6:08 PM= =0A> Hi Murali,=0A> =0A> I haven't tried it yet, but the basic idea is to e= stablish=0A> session via http and submit the login form to https later to= =0A> share the same session between http/https requests.=0A> In j2-admin, y= ou can find the login page JSP page (e.g.,=0A> /WEB-INF/security/login/logi= n.jsp). There you can also find=0A> a html form tag like the following:=0A>= =0A>
context=3D"${portalContext= PathInUrlTag}"=0A> value=3D"${destLogin}"/>'>=0A> =0A> I think you can give= a try by making the action attribute=0A> an absolute url with https.=0A> = =0A> Regards,=0A> =0A> Woonsan=0A> =0A> --- On Thu, 9/9/10, Murali.M =0A> wrote:=0A> =0A> > From: Murali.M =0A> > Subject: Secure a Portlet=0A> > To: jetspeed-dev@portals.apache.o= rg=0A> > Date: Thursday, September 9, 2010, 9:37 AM=0A> > =0A> > Hi all,=0A= > > I'm trying to make the Login Portlet in the j2-admin=0A> secure=0A> > i= .e. when I=0A> > traverse to the page containing the Login Portlet I=0A> wa= nt to=0A> > use https=0A> > instead of http. Please help me achieving this.= =0A> > =0A> > =0A> > Thanks and Regards,=0A> > Murali Meriga.=0A> > -- =0A>= > View this message in context: http://old.nabble.com/Secure-a-Portlet-tp2= 9647374p29647374.html=0A> > Sent from the Jetspeed - Dev mailing list archi= ve at=0A> > Nabble.com.=0A> > =0A> > =0A> >=0A> ---------------------------= ------------------------------------------=0A> > To unsubscribe, e-mail: je= tspeed-dev-unsubscribe@portals.apache.org=0A> > For additional commands, e-= mail: jetspeed-dev-help@portals.apache.org=0A> > =0A> > =0A> =0A> =0A> =A0 = =A0 =A0 =0A> =0A> ---------------------------------------------------------= ------------=0A> To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.a= pache.org=0A> For additional commands, e-mail: jetspeed-dev-help@portals.ap= ache.org=0A> =0A> =0A=0A=0A --------------------------------------------------------------------- To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org For additional commands, e-mail: jetspeed-dev-help@portals.apache.org